
Privacy Notice
Version 1.0
16th March 2019
This document describes the information we collect, how and why we use it, and your rights under the Data Protection Act 2018, which incorporates the EU GDPR regulations.
Confidentiality of your personal information is important to us.
We aim to be open and transparent about why we ask for your personal information, how that information will be used, kept safe and your rights in relation to this.
We have a legal duty to keep personal information about you and others confidential.
Who are we?
We are The Mercy Project, a Charitable Incorporated Organisation and the Data Controller in relation to the information you provide.
We can be contacted via email mercy@mercyproject.org.uk
As we process the information you provide to us by providing it to relevant agencies and subcontractors, we are also the data processor.
What information is recorded about you?
The information we require from you varies depending on your involvement with The Mercy Project and may include the following:
When you donate money to us
- Name
- Address
- Contact Details (email address or mobile phone number)
When you receive a grant from us
- Name
- Address
- Contact Details (email address or mobile phone number)
- Proof of ID documents
- Date of Birth
- Bank Details
When you are a Trustee
- Name
- Address
- Contact Details (email address or mobile phone number)
- Proof of ID documents
- Date of Birth
- DBS check details
What the information is used for.
We collect information as follows:
We collect basic contact details from anyone wishing to make a sizable donation to ensure we comply with money laundering legislation.
We may collect information about your address and tax status in order to claim gift aid on your donation.
We collect information on application for grants to ensure we comply with money laundering legislation, to have bank account details in order to give the grant, and to enable any checks to ensure the grant is in line with the CIO’s policy.
We collect information about Trustees to ensure annual reports can be completed and probity in operation of the CIO. Copies of some documents will be taken in order to confirm identity or DBS checks.
What processing we do with information collected
We are responsible for, and must be able to demonstrate, compliance with the GDPR principles.
In order to process the data, we must have a valid and lawful basis to do so.
Information may be used according to one of the following lawful reasons:
- Legal obligation: the processing is necessary to comply with the law.
- Legitimate interests: the processing is necessary for your legitimate interests.
- Consent: you have given clear consent to use your personal data for specific purposes.
In order to process the personal information, we have decided the most appropriate basis for each category of information. We have carried out a privacy impact assessment of the personal data we record and process which is attached as appendix A.
When you donate money to us
- We will store information in a secure online storage location which is password protected and only accessible to trustees of The Mercy Project.
When you receive a grant from us
- We will store information in a secure online storage location which is password protected and only accessible to trustees of The Mercy Project.
- We will provide bank account details to our bank in order to enable payment.
- We will not provide copies of documents to third parties unless legally obliged to do so.
When you are a Trustee
- We will store information in a secure online storage location which is password protected and only accessible to trustees of The Mercy Project.
- We will not provide copies of documents to third parties unless legally obliged to do so.
Storage of personal data
Information received by email is via the Microsoft cloud service for Office 365. Further information on security of this service can be found at https://privacy.microsoft.com/en-us/privacystatement .
Electronic information is stored on an Office 365 secure storage area which is password protected and only available to The Mercy Hub Trustees.
Any original paper documents or photocopies received are held in a locked filing cabinet.
Disposal of records, both paper and electronic, takes place in a secure way and at a time in accordance with the privacy impact assessment Appendix A.
We believe the above steps ensure your information is protected from inappropriate access and we feel confident the information is held securely and confidentially.
How we communicate with you.
We will normally communicate with you in person, by phone or email.
Who we share data with and how long we keep it.
We may share data with
- Our Bank
- Our Financial advisor
- Our subcontractors and support companies in order that they can provide a service to us
For prospective Trustees who do not become Trustees, we will keep information for 6 months. We will keep Trustee information for 2 years after they cease being a Trustee.
We will keep information from donors for 2 years after the donation and 6 years for gift aid.
We will keep information collected from recipients of grants for 2 years after the grant has been given or 2 years after the final grant report has been received by the Trustees, whichever is the later.
What we will not do
We will not send you unsolicited marketing material or sell your information to any company which may wish to use it for this purpose.
We will not pass on your personal data to unrelated third parties unless we are allowed or required to do so by law or we have your explicit permission to do so.
We will not transfer or store your personal data outside of Europe (the European Economic Area) outside of the control of the UK / European regulations.
Your Rights and the Information Commissioner’s Office
As a general rule, the individual who is subject to the processing of data has a number of rights under the GDPR:
- the right to be informed;
- the right of access;
- the right to request a copy of the information we hold about you;
Under the law you may have additional rights, for example:
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object;
- the right not to be subject to automated decision-making including profiling.
Please contact mercy@mercyproject.org.uk if you wish to request access to any of your personal data and we will always endeavour to answer your questions.
If you are not happy with the service provided in relation to personal data please contact us in the first instance. If after contacting us you are still not happy you may complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/
Our ICO registration number is ZA502510.
Communication preferences
From time to time we may communicate with volunteers; this will be according to the preferences expressed using the form in appendix B. Volunteers may at any time change their communication preferences by contacting us via email at mercy@themercyproject.org.uk
Changes to this privacy notice
If we change this privacy notice we will supply updated versions to current Trustees. Other data subjects may obtain copies of the notice by emailing mercy@mercyproject.org.uk